BCM4751protocol

This page contains data copied from BCM4751.

Post protocol switching - receiving

Byte  content       seq 00  seq 07  seq 08
1     length 1      fe      fe      fe
2     length 2      00      00      00
3                   fd      fd      fd
4                   40      0f      0f
5                   00      ff      ff
6     sequence nr.  00      07      08
7                   F1      06      06
8                   B1      06      06
9                   12      00      00
10                  20      01      01
11    checksum      67      54      1c
12    end marker    fc      fc      fc

Post protocol switching - sending

Byte  content       value
1     length 1      fe
2     length 2      00
3                   fd
4                   6f
5                   3a
6     sequence nr.  01
7                   00
8                   00
9                   00
10                  00
11    checksum      34
12    end marker    fc

more details about the bytes

  • Byte 1-2 of 12: length
    That is quite a lot of bits/bytes for a length field; are there more details hidden in it?
    fe00 = 12 bytes
    fe01 = 16 bytes
    fe02 = 20 bytes
    fe03 = 24 bytes
    fe04 = 28 bytes
    fe05 = 32 bytes
    fe06 = 36 bytes
    fe07 = 40 bytes
    ff00 =  8 bytes

  • Byte 6 of 12 seems to be a sequence number; if I do it right after booting the chip, it starts with 01
  • Byte 11 of 12: checksum
  • Byte 12 of 12: end marker contains fc
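
The frame layout and length table above, as an added example (not code from the original page): a splitter for bytes read from the serial port. Function and field names are hypothetical; reading the sequence number at byte 6 and the checksum at the second-to-last byte for frame sizes other than 12 is an assumption, and the checksum is only extracted because its algorithm is not documented here.

```python
from typing import List, NamedTuple, Tuple

END_MARKER = 0xFC

# Length field (bytes 1-2) -> total frame size, exactly the values listed above.
FRAME_SIZE = {(0xFE, n): 12 + 4 * n for n in range(8)}  # fe00..fe07 = 12..40
FRAME_SIZE[(0xFF, 0x00)] = 8                            # ff00 = 8

class Frame(NamedTuple):
    size: int
    sequence: int  # byte 6 (assumed to hold for every frame size)
    checksum: int  # second-to-last byte; extracted only, algorithm unknown
    raw: bytes

def split_frames(buf: bytes) -> Tuple[List[Frame], bytes]:
    """Split a serial buffer into frames; return (frames, unconsumed tail)."""
    frames, pos = [], 0
    while len(buf) - pos >= 2:
        size = FRAME_SIZE.get((buf[pos], buf[pos + 1]))
        if size is None:
            raise ValueError(f"unknown length field {buf[pos:pos + 2].hex()} at offset {pos}")
        if len(buf) - pos < size:
            break  # frame not complete yet: keep the tail for the next read
        raw = buf[pos:pos + size]
        if raw[-1] != END_MARKER:
            raise ValueError(f"missing end marker fc at offset {pos + size - 1}")
        frames.append(Frame(size, raw[5], raw[-2], raw))
        pos += size
    return frames, buf[pos:]

# Frames copied from this page: three received (seq 00, 07, 08) and the one sent.
RECEIVED = bytes.fromhex(
    "fe00fd400000f1b1122067fc"
    "fe00fd0fff070606000154fc"
    "fe00fd0fff08060600011cfc"
)
SENT = b"\xfe\x00\xfd\x6f\x3a\x01\x00\x00\x00\x00\x34\xfc"

if __name__ == "__main__":
    frames, tail = split_frames(RECEIVED + SENT[:5])  # last frame cut short
    for f in frames:
        print(f"size={f.size} seq={f.sequence:02x} checksum={f.checksum:02x}")
    print("unconsumed:", tail.hex())
```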

sequence 0 receiving

Ready to switch protocol!
Sending unknown bytes!
Read 12 bytes:
[0000]   FE 00 FD 40 00 00 F1 B1   12 20 67 FC               ........ ..g.

sequence 7,8 receiving, sending unknown string seq 01

Sending this string many times:
"\xfe\x00\xfd\x6f\x3a\x01\x00\x00\x00\x00\x34\xfc"
makes some other string appear on the serial port, with sequence numbers 7 and 8.